I created a presigned URL for a video file stored in S3 bucket. My application streams the video file using html5 video tag in a browser. Therefore to play the video, I am using the signed URL which can be accessed in frontend if we see the view source of a webpage. Anyone who gets access to the URL can read the file stored in the S3 bucket. Can we do anything to prevent this from happening?
When you create signed URLs or signed cookies to control access to your files, you can specify the following restrictions:
• An ending date and time, after which the URL is no longer valid.
• (Optional) The date and time that the URL becomes valid.
• (Optional) The IP address or range of addresses of the computers that can be used to access your content.
Set-Cookieheaders that set signed cookies on the viewers for authenticated users
One part of a signed URL or a signed cookie is hashed and signed using the private key from a public/private key pair. When someone uses a signed URL or signed cookie to access an object, CloudFront compares the signed and unsigned portions of the URL or cookie. If they don’t match, CloudFront doesn’t serve the object.